Vendors and Government Cooperate to Produce a Practical Protection Profile

Abstract:

There are many reasons for developing a Protection Profile (PP) but the real value comes from stating the customer's security requirements in a PP that allows vendors to provide and compete. In one highly competitive market, RDBMS, a cooperative PP effort is producing the right PP for both the customer and for all the competitors. This paper describes the circumstances that brought together the major vendors and then the government agency responsible for developing the PP. It tracks two levels of cooperation; between Oracle, Microsoft, and Sybase and between this informal vendor group and the U.S. National Security Agency (NSA). The paper provides a few samples of the kinds of PP development/refinement decisions made and why. It may the new way to develop PPs while ensuring that results provide both the security required and the products to satisfy the requirements. Or is may just simply be what the CC developers had in mind from the beginning. (Presented by the vendor participants.)

Authors/Presenters:
Roger French, Microsoft
Duncan Harris, Oracle
John Kendrick, Sybase
Shaun Lee, Oracle
Jeff Pryslak, Sybase